diff --git a/tests/api.c b/tests/api.c
index 1606ebe21..b0301565b 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -11428,15 +11428,14 @@ static int test_wc_Arc4SetKey (void)
     /* Test bad args. */
     if (ret == 0) {
         ret = wc_Arc4SetKey(NULL, (byte*)key, keyLen);
-        if (ret == BAD_FUNC_ARG) {
-            ret = wc_Arc4SetKey(&arc, NULL, keyLen);
-        }
-        if (ret == BAD_FUNC_ARG) {
-            /* Exits normally if keyLen is incorrect. */
-            ret = wc_Arc4SetKey(&arc, (byte*)key, 0);
-        } else {
+        if (ret == BAD_FUNC_ARG)
+            ret = wc_Arc4SetKey(&arc, NULL, keyLen); /* NULL key */
+        if (ret == BAD_FUNC_ARG)
+            ret = wc_Arc4SetKey(&arc, (byte*)key, 0); /* length == 0 */
+        if (ret == BAD_FUNC_ARG)
+            ret = WOLFSSL_ERROR_NONE;
+        else
             ret = WOLFSSL_FATAL_ERROR;
-        }
     } /* END test bad args. */
 
     printf(resultFmt, ret == 0 ? passed : failed);
diff --git a/wolfcrypt/src/arc4.c b/wolfcrypt/src/arc4.c
index ac849a908..9fcd71d86 100644
--- a/wolfcrypt/src/arc4.c
+++ b/wolfcrypt/src/arc4.c
@@ -38,7 +38,7 @@ int wc_Arc4SetKey(Arc4* arc4, const byte* key, word32 length)
     word32 i;
     word32 keyIndex = 0, stateIndex = 0;
 
-    if (arc4 == NULL || key == NULL) {
+    if (arc4 == NULL || key == NULL || length == 0) {
         return BAD_FUNC_ARG;
     }
 
diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c
index 200cdc43b..5c194de64 100644
--- a/wolfcrypt/src/pwdbased.c
+++ b/wolfcrypt/src/pwdbased.c
@@ -715,7 +715,7 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen,
     if (blockSize > 8)
         return BAD_FUNC_ARG;
 
-    if (cost < 1 || cost >= 128 * blockSize / 8)
+    if (cost < 1 || cost >= 128 * blockSize / 8 || parallel < 1 || dkLen < 1)
         return BAD_FUNC_ARG;
 
     bSz = 128 * blockSize;